An assessment of security requirements compliance of cloud providers

CloudCom 2012 - Proceedings: 2012 4th IEEE International Conference on Cloud Computing Technology and Science

Volumn , Issue , 2012, Pages 520-525

  Bhensook, Nuntapun ^a   Senivongse, Twittie ^a  

^a CHULALONGKORN UNIVERSITY   (Thailand)

Author keywords

assessment; cloud computing; security

Indexed keywords

AMAZON WEB SERVICES; ASSESSMENT; CLOUD CONSUMERS; CLOUD CONTROL; CLOUD PROVIDERS; CLOUD SECURITIES; GOAL-QUESTION-METRIC APPROACH; SCORING MODELS; SCORING SYSTEMS; SECURITY; SECURITY COMPLIANCE; SECURITY GOALS; SECURITY REQUIREMENTS; SYSTEM REQUIREMENTS;

OUTSOURCING; WEB SERVICES;

CLOUD COMPUTING;

EID: 84874232561     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/CloudCom.2012.6427484     Document Type: Conference Paper

References (16)

1. W. Jansen and T. Grance, Guidelines on Security and Privacy in Public Cloud Computing, NIST Special Publication 800-144, December 2011.
2. ISO, ISO/IEC 27001:2005 Information Technology-Security Techniques-Information Security Management Systems-Requirements, October 2005.
3. Cloud Security Alliance, GRC Stack, https://cloudsecurityalliance.org/ research/grc-stack/
4. V. Basili, G. Caldiera, and H. D. Rombach, "Goal question metric paradigm," Encyclopedia of Software Engineering Volume 1, J. J. Marciniak, ed., John Wiley & Sons, 1994, pp.528-532.
5. Cloud Security Alliance, Cloud Controls Matrix, https:// cloudsecurityalliance.org/research/ccm/
6. Cloud Security Alliance, Consensus Assessments Initiative Questionnaire, https://cloudsecurityalliance.org/research/cai/
7. Cloud Security Alliance, CloudAudit, http://cloudaudit.org/CloudAudit/ Home.html
8. Sun Microsystems, Inc., Building Customer Trust in Cloud Computing with Transparent Security, White Paper, November 2009.
9. R. Knode and D. Egan, Digital Trust in the Cloud: Into the Cloud with CTP: A Precis for the CloudTrust Protocol, Computer Sciences Corporation, 2010.
10. W. A. Pauley, "Cloud provider transparency: An empirical evaluation," IEEE Security & Privacy, pp. 32-39, November/December 2010.
11. A. Sumetanupap and T. Senivongse, "Enhancing service selection with a provider trustworthiness model," Proc. 8th Int. Joint Conf. Computer Science and Software Engineering (JCSSE 2011), IEEE CS Press, May 2011, pp. 281-286.
12. Project Management Institute (PMI) Standards Committee, A Guide to the Project Management Body of Knowledge (PMBOK Guide) Fourth Edition", Project Management Institute, 2008.
13. The Institue of Internal Auditors, Auditing IT Projects, https://na.theiia.org/Pages/iiahome.aspx
14. Amazon Web Services, AWS Security and Compliance Center, http://aws.amazon.com/security/#certifications
15. Amazon Web Services, Penetration Testing, http://aws.amazon.com/security/ penetration-testing/
16. Amazon Web Services, Overview of Security Processes, May, 2011, http://d36cz9buwru1tt.cloudfront.net/pdf/AWS-Security-Whitepaper.pdf